Does Ubuntu Influence Social Engineering Susceptibility?

Ubuntu refers to living according to a set of values shared by people who believe in a certain way of life. The values of ubuntu include group solidarity, conformity, compassion, respect, human dignity, a humanistic orientation, and collective unity. Some people consciously live by ubuntu values while others do so unconsciously. Ubuntu is ingrained in human beings. The values of ubuntu in aggregate build trust, which inadvertently feeds into the social engineering approach used in information security attacks. Ubuntu appears to increase vulnerability to the success of a social engineering attack. Social engineering is a key threat to information security in many organizations. Social engineers target employees as human beings are naturally vulnerable. This study argues that ubuntu influences the success of social engineering attacks. It views ubuntu as foundational in making humans vulnerable to social engineers. The values that ubuntu is based on lead humans to trust, conform, be compassionate and loyal, and desire to help others. Social engineers exploit these values to obtain information, which they use to breach the information security of the targeted organization. Because of ubuntu, the extensive work of building rapport and elicitation, which would otherwise have been exhausting, is already completed and ready to be exploited by the social engineer. This paper exposes the potential influence of ubuntu on social engineering attacks. It concludes that security awareness, education and training programmes must be adapted to counter these influences and safeguard information assets.


Introduction
Despite ever-improving technical information security measures, training, and awareness programmes, information security breaches still rage on [19,16]. Technical measures cannot adequately protect information and ensure information security by themselves [16]. These technical measures are dependent on the users of the information asset. These users are the weakest link in information security efforts [8,11]. Several factors are responsible for the weak nature of the human in information security. Some centre around the humanness of the users [19].
Ubuntu is a Zulu word that describes "a quality that includes the essential human virtues; compassion and humanity" [24]. However, it is often used in a more philosophical sense to mean "the belief in a universal bond of sharing that connects all humanity". This paper investigates the influence of ubuntu on the success of social engineering attacks on information users. Social engineering in the context of information security is the act of manipulating people into performing actions or divulging confidential information that can be used for a malicious purpose [14]. Social engineers target the ubuntu in the user and exploit the trust that humans have by nature to obtain specific information [30]. This information enables the social engineer to breach the target's information security. A social engineer is a person who uses deception to manipulate individuals into divulging confidential or personal information in order to gain unauthorized access to information and subsequently use that information for malicious purposes [12]. The theory of planned behaviour explains possible reasons why the social engineer easily triggers the ubuntu in the user.
This paper aims to analyze ubuntu and understand how it influences social engineering susceptibility. Ubuntu disarms the victim. It creates a blind spot in evaluating the security threat, as the level of security skepticism required to protect the information is overwhelmed by the values of ubuntu in the victim. Ubuntu influences one's attitude and how one reacts to a situation requiring action. Ubuntu's analysis is performed through the application of the theory of planned behaviour, which helps predict planned human behaviour. Understanding the impact of ubuntu on users' susceptibility to social engineering attacks will enable the development of more effective information security awareness and training programmes, specifically regarding defenses against social engineering attacks [2].

Human behaviour
Humans are active in nature. From time to time social and other activities require that they take action and behave in particular ways to socially fit and survive in their day-to-day lives [26]. Behaviour choices are motivated by immediate personal interest and wider social interest. The individual chooses the behaviour that is most beneficial [25]. Social evaluation of the behaviour either encourages or discourages individual behaviour [21]. There is always a balance between personal and social interests. Ubuntu, demographics, culture, stereotypes, stigma, personality, moods, and emotions determine what an individual perceives to be the right balance between personal and social interests [5]. Human behaviour is a product of individual beliefs, how individuals evaluate the outcome of a certain behaviour, their perception of the social acceptance of the behaviour, their motivation to carry out the behaviour, and their ability to carry out the behaviour [9]. The attitude of an individual is formed by beliefs about and an evaluation of the behaviour outcome. In contrast, the perception of social acceptance of the behaviour and the motivation to implement the behaviour form the subjective norms [3].
In this paper, the theory of planned behaviour is applied to discuss and understand ubuntu and how it influences attitude as well as how the values of ubuntu influence subjective norms. Figures 1 to 5 show our attempt at explaining the influence of ubuntu on human behaviour through the application of different elements of the theory of planned behaviour. The relationship between ubuntu, some biases, social bond theory, and personality traits and their influence on attitude and subjective norms are illustrated through Ajzen's [2] theory of planned behaviour.

Ubuntu
Ubuntu is a way of life, with pillars of personhood, humanity, humaneness, and morality [21]. Group solidarity, conformity, compassion, respect, human dignity, a humanistic orientation, and collective unity have, among others, been defined as key social values of ubuntu [22]. According to Metz [21], ubuntu promotes the spirit that one should live for others. Harmony, friendliness, and community are seen as great goods.
According to ubuntu, one becomes a moral person insofar as one honours communal relationships [21]. Furthermore, a human being lives a genuinely human life to the extent that he/she prizes identity and solidarity with other human beings, and an individual realizes his/her true self by respecting the value of friendship [21].
The social values of ubuntu are engrained in human existence. People have always lived in groups and used to communicate around the fire, in city markets, in pubs, or in cafés [30]. Today social media has presented instant access to millions of people and individuals have new ways of interacting and fulfilling the ubuntu life philosophy.
The status of ubuntu as a golden thread and shared set of values has also allowed judges to feel at ease with freely applying ubuntu to new areas of law [15].
Figure 1 shows how ubuntu influences the behavioural beliefs of the individual and how the individual evaluates the outcome of a specific behaviour in a given situation. Behavioural beliefs together with an evaluation of the behaviour outcome determine the individual's attitude. The attitude is one element of behaviour intention. The actual individual behaviour in a given situation is determined by factors such as predispositions, biases, traits, knowledge, ability, and skills. The values of ubuntu are some of the predispositions. Predispositions are important factors that influence an individual's emotions and behaviour [28].
Figure 3 outlines the bias ubuntu brings that influences the attitude of the individual in specific situations. Bias is a variable in the outcome evaluation and therefore sways the attitude towards, for example, the situation. Bias prevents the person from being objective [25]. Owing to the bias effect, people behave in particular ways because of how they feel rather than on a rational basis. People evaluate the outcomes of their behaviour through the frames of their bias.
Ubuntu engrains conformity, compassion, respect, human dignity, a humanistic orientation, and collective unity. These values bring the framing bias in that individuals evaluate their actions or respond to situations based on the question: "Will I still be respected if I behave in this manner or that manner?" Ubuntu brings the optimism bias in that the individual sees that behaving in a manner that is seen through the ubuntu value system confirms the humanness of the individual in the eyes of the group. It also brings the affect heuristic bias in that individuals choose how to behave based on the feelings of the group [25].
As indicated in Figure 2, the values of ubuntu influence a person's subjective norms. Subjective norms are determined by normative beliefs and the motivation to comply with social expectation to act in a particular way. Subjective norms are regulated by social acceptance [8]. Ubuntu promotes group solidarity, conformity, compassion, and collective unity [22]. The individuals within groups are socialized and conformity is promoted through bonds such as attachment, commitment, involvement, and personal norms [16]. Social bond theory postulates that when people build upon such bonds, their urge to indulge in antisocial or anti-establishment behaviours is reduced [16]. The gain from behaving in the ubuntu way is that it brings praise to the individual and respect to the group. People generally have the desire to help other people and the desire to be liked by other people [11,13].
Figure 4 shows how the influence of ubuntu on subjective norms is catalyzed by the endowment effect, trust, and the agreeable trait found in individuals. Like all other human behaviour, the practicing of ubuntu values occurs when individuals believe they have control. Behavioural controls are determined by control beliefs and perceived power. Perceived behavioural control, as shown in Figure 5, is the perception of the ease or difficulty with which a task or behaviour can be performed [28].
Individuals with apparently high self-esteem become overconfident and take high behaviour risks. The underlying belief is that they are in charge and aware of the risks relating to behaviour [19].
Tendencies such as control bias give individuals an illusion of control. They believe they can control or influence outcomes that they clearly cannot [25]. People with high self-esteem are likely to be under an illusion of control and may unconsciously suffer from confirmation bias, which makes them believe that they are in control and are capable of behaving as expected and as required by their subjective norms.

Social engineering
Social engineering is increasingly becoming a way of gaining unauthorized access to information systems networks [10,18]. Social engineering in the context of information security can be defined as the act of manipulating people into performing actions or divulging confidential information that may be used for a malicious purpose [14]. Cybercriminals are turning to social engineering as organizations continue to build enough technical security that is difficult for criminals to compromise. Social engineers target employees' psychological makeup to obtain personally identifiable information that could enable them to breach the information security of the targeted organization [4]. Employees are susceptible to social engineering tricks, as criminals apply complex ways of hacking the human in the employee [20].
Figure 6 shows the steps followed during a social engineering attack [23]. The social engineering process intends to be deceptive in nature. The social engineer who follows the steps outlined in Figure 6 is likely to succeed in hiding his intentions. Attack formulation is the first stage, during which the goal of the attack and the target are identified. Information about the target is gathered from various sources and thoroughly assessed in the second stage. During the third stage, an attack angle is developed based on the assessment and analysis of the information. A relationship is developed during the fourth stage through communication and rapport building. In the fifth stage, the target is primed, information is elicited, and the attack is implemented. The sixth and final stage consists of aftercare and the closure of the attack assignment.
Social engineers use a variety of methods to compromise their targets. These methods may be classified as technical-based, social-based, and physical-based [1]. Technical-based attacks are conducted through the Internet via social networks and online services websites [31], while social-based attacks are performed through forming relationships with the victims in order to play on their psychology and emotions [17]. Physical-based attacks are physical actions performed by the attacker to collect information about the target [29].

Ubuntu and social engineering vulnerability
Ubuntu is of value to persons who believe in practicing it. People can live by ubuntu values either consciously or unconsciously. Ubuntu is seen in behaviour. Behaviour is governed by attitudes, predilections, prejudices, emotions, and mental background. In many circumstances, mental efforts must be accomplished with such rapidity that the opportunity to apply the mind does not exist [5,8]. Ubuntu, therefore, provides a point of reference for human behaviour in such situations. People's behavioural beliefs and the outcome evaluation of their behaviour are directly influenced by ubuntu. Ubuntu advertently builds trust between human beings. Table 1 illustrates the authors' integration of biases, traits, and ubuntu values that may have relevance to social engineering susceptibility.
While trust between human beings is a noble thing, social engineers exploit the human element of trust to obtain or compromise information about an organization or its computer systems [10,13,30]. The social engineering vulnerability resides with human behaviour, human impulses, and psychological predispositions [6]. People generally have the desire to help other people as well as the desire to be liked by other people, especially strangers. Professionals want to appear well informed and intelligent. If they are praised, they will often talk more and divulge more information. Most people would not lie for the sake of lying, and most people respond kindly to those who appear concerned about them [12].
People are predisposed to trust and cooperate with other people [13]. Figure 7 shows how inherent ubuntu values expose humans as easy targets for social engineers. Social engineers develop trust with the target and then exploit that trust to obtain authorized information. Group solidarity, conformity, and respect consolidate trust between friends, associates, and families.

SE exploitable trait | Ubuntu values | Explanation
Attachment | Group solidarity, Collective unity | Group solidarity and collective unity lead to attachment, which in turn consolidates trust. Social engineers exploit the trust.
Commitment | Collective unity | Collective unity builds trust between individuals. Social engineers exploit the trust.
Agreeableness | Humanistic orientation, Compassion | Humans have trust instincts. Humans trust unless proven wrong. Social engineers exploit the trust.
Endowment effect | Respect | Ubuntu values are held in high regard. Individuals who exhibit them are trusted. Social engineers exploit the trust.
Heuristic effect | Compassion, Respect, Humanistic orientation | Compassionate individuals are respected and trusted. Such individuals are seen as human and therefore earn trust. Social engineers exploit the trust.
Framing bias | Group solidarity, Collective unity | Being part of a group is valued among people with ubuntu and therefore consolidates trust. Collective unity is valued among people with ubuntu and therefore consolidates trust. Social engineers exploit the trust.
Optimism bias | Group solidarity, Collective unity | Group solidarity and collective unity provide a sense of control, which in turn consolidates trust. Social engineers exploit the trust.

Halevi et al. [13] identified five traits generally found in people. Firstly, neuroticism is a tendency to experience negative feelings, including guilt, disgust, anger, fear, and sadness. Neuroticism is likely to shape the attitude in the evaluation of the outcome of the intended behaviour (Figure 1). People with this trait may tend to find comfort in group solidarity and collective unity, which are values of ubuntu. People with a high level of this trait are susceptible to irrational thoughts, are less able to control impulses, and do not handle stress well. This tendency increases a person's vulnerability to social engineering.
Secondly, people with a high level of the extraversion trait tend to be friendly and outgoing and enjoy interacting with people around them. Extraversion is likely to influence the intended behaviour through subjective norms, as illustrated in Figure 2. Extraversion appears to consolidate trust, which is central to the success of a social engineering attack, as shown in Table 1. It is ubuntu to be friendly to and interact with other people. This trait is also a vulnerability, as these people are welcoming to strangers and probably expose themselves to elicitation by social engineers.
Thirdly, people who score high on openness tend to be imaginative and intellectually curious. They also tend to be open to new and unconventional ideas and beliefs. Such people will likely fall into the trap of wanting to appear well informed and intelligent while inadvertently giving away confidential information or information required by social engineers. Openness is likely to influence the intended behaviour through attitude (Figure 1), motivation to comply (Figure 2), and perceived behavioural control (Figure 5). The exploitable traits in Table 1 could facilitate this influence.
Fourthly, highly agreeable people are co-operative, are eager to help other people, and believe in reciprocity. Agreeable people are by nature susceptible to elicitation by social engineers. Agreeable people practice the values of ubuntu, and this way of life builds exploitable trust.
Lastly, conscientious people have high levels of self-control and are very organized. They are typically purposeful and strong-minded. Their vulnerability to social engineering is likely to come from overconfidence. People with this trait who practice ubuntu are likely to overestimate their perceived behavioural control and engage in behaviours that have good ubuntu intentions but lead them into social engineering traps.
Online behaviour tends to mirror offline behaviour [7,13,27]. Therefore, ubuntu values lay the foundation for social engineering attacks, as trust is embedded in these values and social engineers exploit trust in human beings, as shown in Figure 7. The social engineer just needs to be a member or be seen as a member of the real or virtual community in order to build instant rapport and benefit from a social bond (e.g. attachment or commitment) with the target [16].

Conclusion
This paper analyzed human behaviour, ubuntu, social engineering, and the complementary relationship between ubuntu and social engineering attacks. Ubuntu can influence intended behaviour. Ubuntu is a likely source of human weakness in social engineering attack resistance. Social engineers who deliberately target ubuntu or its values are likely to succeed in the attack.
The paper identified the balance between personal and wider social interests as a determinant of actual behaviour. Ubuntu was identified as one of the factors that inherently influences individuals in determining what they perceive as the right balance between personal and social interests.
The paper demonstrated how ubuntu influences the behavioural beliefs of the individual and how the individual evaluates the outcome of a specific behaviour in a given situation. It further demonstrated the relationship between ubuntu values, subjective norms, and behaviour intention. Bias was discussed as a variable in the evaluation of the outcome of a behaviour. Bias prevents people from being objective in evaluating the outcome of the intended behaviour. The actual behaviour was found to be dependent on the actual or perceived ability, knowledge, and skills of the individual.
This paper concludes that ubuntu builds trust and interdependence between humans, which increases the victim's susceptibility to social engineering attacks.
This paper concludes that ubuntu and social engineering have a complementary relationship. Figure 7 illustrates the relationship between ubuntu and social engineering attacks as well as a possible point of disruption through security awareness, training and education (SATE) programmes. It is, however, acknowledged that the extent of the relationship is not known and further studies need to be done in order to establish the nature and extent of this relationship. In order to mitigate the influence of ubuntu in social engineering attacks, the social engineer's exploitation of ubuntu in the victim should be disrupted. The security awareness, training and education (SATE) programme is the tool used to protect access to ubuntu from the social engineer.
Further work is still required to determine how ubuntu could be factored into security awareness, training and education programmes and to develop an effective SATE framework to counter the influence of ubuntu on people's vulnerability to social engineering attacks. The general limitation of this paper is that empirical research is required to validate the conclusions.

Fig. 7. Illustration of the interconnected relationship between ubuntu, the SE attack and prevention [Author hypothesized relationship]

Table 1. Comparison of ubuntu values and social engineering (SE) exploitable traits